PSD2 Compliance – What does it mean for Magento retailers?

Author:

Alex Ashman

Published:

September 4, 2019

The European Union will soon require all merchants in the EU and UK to comply with the Payment Services Directive’s (PSD2) new Secure Customer Authentication (SCA). Scheduled to go into effect on 14th September, this is a further iteration of the Payment Services Directive (PSD) from 2007.

It will have a big impact on merchants and the way that payments are processed, and should provide a measurable benefit to consumer protection and security.

What Have Magento Said About PSD2 Compliance?

An email was sent out earlier this month, reminding merchants of the necessary actions to be taken and focuses specifically on the rollout of 3D secure 2.0.

Their recommendations look at Strong Customer Authentication (SCA), which requires 2 of these 3 criteria to be met:

Something the customer knows, i.e. a password or PIN that they set
Something the customer has such as a phone or other hardware token for authentication
Something the customer is, so the ability to use a fingerprint or facial recognition

If these criteria are not met, then payments may be declined. However, Magento have advised that “low risk and low value transactions might still be accepted, as well as subsequent payments in a recurring subscription.”

To avoid any disruption to payments being processed, Magento have provided a table summarising the actions required to ensure support for 3D Secure 2.0. We have added Sagepay as it's one of the most popular payment methods in the UK:

Payment method	Action
PayPal	No action is needed to comply with PSD2, because all requirements are handled by PayPal.
Braintree	To comply with PSD2, do one of the following: (Recommended) Install the official Braintree payment integration extension from the Magento Marketplace. Enable and configure the Braintree payment method in the Magento configuration. These integrations support 3D Secure 2.0 verification. However, Braintree implementations that run on JavaScript SDK v2 do not support 3D Secure 2.0.
Authorize.net	To comply with PSD2, do one of the following: (Recommended) Install the official Authorize.Net payment integration extension from the Magento Marketplace. Enable and configure the Authorize.Net payment method in the Magento configuration.
SagePay	To comply with PSD2, do one of the following: (Recommended) Install the official Sagepay payment integration extension from the Magento Marketplace. E.g. the ebizmarts changelog can be found here - http://wiki.ebizmarts.com/changelog
Other	For all other payment integrations, check the available extensions on the Magento marketplace. You can also ask your payment provider what solutions they recommend to support PSD2 requirements.

What Action Do I Need To Take?

You need to review your payment methods using the table above and see if any action is required. If it is, then you can speak to one of our Magento Solution Specialists for any advice regarding your specific circumstances.